The story behind PortSwigger's unconventional success

My journey into entrepreneurship wasn't exactly conventional. For one thing, I actually had no intention of starting a business. At my first job, I worked as a web security tester (aka computer hacker) and created software that helped me do my job better.

On a whim, I called it Burp Suite and put it up for sale online. Surprisingly, this hobby project sparked the birth of what would become a thriving business.

When PortSwigger attracted paying clients, I soon had the funds to build a team. It was not a conscious decision to “start” the business without funding from any investors. I didn't know anything different; I assumed this was what all companies did.

With the right team, PortSwigger had the resources to create many other things, which we give away to the community: free software, cutting-edge research, and the Web Security Academy, a free educational platform to learn about web security vulnerabilities. Coming from the world of our users, it was a natural instinct to give back.

After establishing Burp Suite as the leading software for web security testers, we expanded our focus to the enterprise market. We repurposed our core technology to enable large organizations to scan their websites at scale and enable software engineering teams to perform security testing within their development processes, detecting vulnerabilities before they go live. Today, more than 16,000 organizations in 160 countries, including Microsoft, Amazon, and NASA, rely on Burp Suite technology.

The journey so far has involved a variety of transformations, both for me and for PortSwigger. Hacking is very much a solo sport – just the tester and a laptop. I gradually moved from working alone to supporting a large team, obsessed with maintaining our healthy culture and exceptional performance.

In our early years selling software to security testers, we enjoyed highly efficient product-driven growth: no sales or marketing team, just self-service purchasing and organic brand amplification through viral network effects. As a technology founder, I had avoided “go-to-market” strategies, assuming they were a black box of dark arts that I didn't understand.

However, when we started creating software for enterprises, we discovered that we needed a more sales-oriented approach. Customers don't buy powerful business software with a credit card. I have learned to accept this side of the business and all that it entails.

It's the clear path to fulfilling our mission of enabling the world to secure the Web. And a better understanding of our customers and why they buy helps us refine our products.

Looking ahead, there is still much to do. Today, cybersecurity is a concern at the management level. Enterprise security teams tell us they are struggling to keep up with the magnitude of the challenge. As software development accelerates, there are too many applications, with faster release cycles and too few hours per week.

Web infrastructure is becoming more complex and abstract, creating vulnerabilities that are not visible in the code, but only arise in implementation. We are committed to solving this problem by providing enterprise security teams with the tools they need to stay on top of their attack surface without requiring additional scarce talent.

We are also deeply committed to the web security ecosystem and the millions of people who have used and shaped our products. We have exciting plans to better support our users, with more research, free-to-use tools, and community events.

I am delighted to see PortSwigger feature in the E2E Tech 100. This recognition is a testament to our incredible team and all they have achieved. We're proud to be a British success story helping to solve one of the world's most critical challenges. As we continue to grow, we are always looking for exceptional, innovative people who are passionate about making a difference. If you're eager to join a dynamic team at the forefront of cybersecurity, we'd love to hear from you.
